build.rs 1.2 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647
  1. // -*- coding: utf-8 -*-
  2. //
  3. // Simple CMS
  4. //
  5. // Copyright (C) 2011-2024 Michael Büsch <m@bues.ch>
  6. //
  7. // Licensed under the Apache License version 2.0
  8. // or the MIT license, at your option.
  9. // SPDX-License-Identifier: Apache-2.0 OR MIT
  10. #![forbid(unsafe_code)]
  11. use build_target::target_arch;
  12. use cms_seccomp::{seccomp_compile_for_arch, Action, Allow};
  13. use std::{env, fs::OpenOptions, io::Write, path::Path};
  14. fn main() {
  15. let arch = target_arch().expect("Failed to get build target architecture");
  16. let seccomp_filter = seccomp_compile_for_arch(
  17. &[
  18. Allow::Read,
  19. Allow::Write,
  20. Allow::Recv,
  21. Allow::Send,
  22. Allow::Mmap,
  23. ],
  24. Action::Kill,
  25. arch.as_str(),
  26. )
  27. .expect("Failed to compile seccomp filter")
  28. .serialize();
  29. let out_dir = env::var("OUT_DIR").expect("OUT_DIR is not set");
  30. let mut filter_file = OpenOptions::new()
  31. .create(true)
  32. .truncate(true)
  33. .write(true)
  34. .open(Path::new(&out_dir).join("seccomp_filter.bpf"))
  35. .expect("Failed to open seccomp_filter.bpf");
  36. filter_file
  37. .write_all(&seccomp_filter)
  38. .expect("Failed to write seccomp_filter.bpf");
  39. }
  40. // vim: ts=4 sw=4 expandtab